CVE-2009-4134 — Out-of-bounds Write in Python

CWE-787 — Out-of-bounds Write5 documents5 sources

Severity

5.0MEDIUMNVD

EPSS

2.6%

top 14.33%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Python Debian Python2.7

Timeline

PublishedMay 27

Latest updateMay 2

Description

Buffer underflow in the rgbimg module in Python 2.5 allows remote attackers to cause a denial of service (application crash) via a large ZSIZE value in a black-and-white (aka B/W) RGB image that triggers an invalid pointer dereference.

CVSS vector

AV:N/AC:L/C:N/I:N/A:PExploitability: 10.0 | Impact: 2.9

Affected Packages2 packages

▶NVDpython/python2.5.0

▶debiandebian/python2.7

Patches

Patch: bugs.python.org ↗Patch: bugzilla.redhat.com ↗Patch: bugs.python.org ↗

🔴Vulnerability Details

GHSA

GHSA-5g97-f544-j8g3: Buffer underflow in the rgbimg module in Python 2↗2022-05-02

▶

📋Vendor Advisories

Red Hat

python: rgbimg: multiple security issues↗2010-05-10

▶

Debian

CVE-2009-4134: python2.7 - Buffer underflow in the rgbimg module in Python 2.5 allows remote attackers to c...↗2009

▶

💬Community

Bugzilla

CVE-2009-4134 CVE-2010-1449 CVE-2010-1450 python: rgbimg: multiple security issues↗2009-11-26

▶